From 1ef5f54f03fa8bc7adeb321e2ccb1741a1d7b045 Mon Sep 17 00:00:00 2001
From: Patrick McDermott
Date: Sat, 08 Aug 2020 03:59:23 -0400
Subject: build, s_client: Support certificates file
---
diff --git a/configure.ac b/configure.ac
index f118f3d..a0ebafc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -99,54 +99,71 @@ for flag in -Os -fno-unwind-tables -fno-asynchronous-unwind-tables \ AX_CHECK_COMPILE_FLAG([${flag}], [AX_APPEND_FLAG([${flag}])]) done -AC_ARG_WITH([ca-certificates], - [AS_HELP_STRING([--with-ca-certificates=PATH], - [path to CA root certificates])], +HAVE_CA_CERTS='' +CA_CERTS_DIR='NULL' +CA_CERTS_FILE='NULL' +AC_ARG_WITH([ca-certificates-dir], + [AS_HELP_STRING([--with-ca-certificates-dir=PATH], + [path to CA root certificates directory])], [ case "${withval}" in 'yes'|'') HAVE_CA_CERTS='1' - CA_CERTS='' ;; 'no') HAVE_CA_CERTS='0' - CA_CERTS='' ;; *) HAVE_CA_CERTS='1' - CA_CERTS="${withval}" + CA_CERTS_DIR="\"${withval}\"" ;; esac - ], - [ - HAVE_CA_CERTS='?' - CA_CERTS='' ] ) -if test x"${HAVE_CA_CERTS}" != x'0' && test x"${CA_CERTS}" = x''; then - AC_MSG_CHECKING([for CA root certificates]) +if test x"${HAVE_CA_CERTS}" != x'0' && test x"${CA_CERTS_DIR}" = x'NULL'; then + AC_MSG_CHECKING([for CA root certificates directory]) for d in /etc/ssl/certs /usr/lib/ssl/certs /usr/share/ssl \ /usr/local/ssl /etc/ssl /usr/share/ca-certificates; do if test -d "${d}"; then AC_MSG_RESULT([${d}]) HAVE_CA_CERTS='1' - CA_CERTS="${d}" + CA_CERTS_DIR="\"${d}\"" break fi done - if test x"${CA_CERTS}" = x''; then + if test x"${CA_CERTS_DIR}" = x'NULL'; then AC_MSG_RESULT([no]) if test x"${HAVE_CA_CERTS}" = x'1'; then - AC_MSG_ERROR([CA root certificates not found]) + AC_MSG_ERROR([CA root certificates directory not found]) fi HAVE_CA_CERTS='0' fi fi +AC_ARG_WITH([ca-certificates-file], + [AS_HELP_STRING([--with-ca-certificates-file=PATH], + [path to CA root certificates file])], + [ + case "${withval}" in + 'yes'|'') + AC_MSG_ERROR([--with-ca-certificates-file $(: \ + )requires an argument]) + ;; + 'no') + ;; + *) + HAVE_CA_CERTS='1' + CA_CERTS_FILE="\"${withval}\"" + ;; + esac + ] +) AC_DEFINE_UNQUOTED([HAVE_CA_CERTS], [${HAVE_CA_CERTS}], [Define to 1 to verify certificates against installed CA root certificates.]) -AC_DEFINE_UNQUOTED([CA_CERTS], 
["${CA_CERTS}"], - [Define to the path to CA root certificates.]) +AC_DEFINE_UNQUOTED([CA_CERTS_DIR], [${CA_CERTS_DIR}], + [Define to the path to CA root certificates directory.]) +AC_DEFINE_UNQUOTED([CA_CERTS_FILE], [${CA_CERTS_FILE}], + [Define to the path to CA root certificates file.]) PKG_PROG_PKG_CONFIG() PKG_CHECK_MODULES([WOLFSSL], [wolfssl]) diff --git a/src/s_client.c b/src/s_client.c index 8da7401..cf7440d 100644 --- a/src/s_client.c +++ b/src/s_client.c @@ -254,7 +254,8 @@ s_client(int argc, char **argv) } #if defined(HAVE_CA_CERTS) && HAVE_CA_CERTS - if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, CA_CERTS, + if (wolfSSL_CTX_load_verify_locations_ex(ctx, + CA_CERTS_FILE, CA_CERTS_DIR, WOLFSSL_LOAD_FLAG_IGNORE_ERR) != WOLFSSL_SUCCESS) { fputs("Failed to load CA certificates\n", stderr); -- cgit v0.9.1
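Review bot: In configure.ac the directory auto-detection loop still runs when only `--with-ca-certificates-file=PATH` is passed, because the new `AC_ARG_WITH([ca-certificates-file]` block is evaluated after the loop and never resets `CA_CERTS_DIR`. A build meant to trust a single CA bundle therefore also trusts whatever is found in `/etc/ssl/certs` or the other probed directories, unless `--without-ca-certificates-dir` is given as well. Either say so in the help text, for example `[path to CA root certificates file (used in addition to the certificates directory; add --without-ca-certificates-dir to trust only this file)]`, or handle the file option before the loop and skip detection when a file is supplied. Separately, `CA_CERTS_DIR="\"${withval}\""` and `CA_CERTS_FILE="\"${withval}\""` put the path into a C string literal unescaped, so a path containing `"` or `\` would produce a broken or altered definition in the generated header.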
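Review bot: In src/s_client.c the call now passes two trust sources under `WOLFSSL_LOAD_FLAG_IGNORE_ERR`, and the hunk does not show whether that flag also hides a failure to read `CA_CERTS_FILE`. This should be confirmed against the wolfSSL version in use, since a configured bundle that silently fails to load would leave only the directory's anchors in effect. A short comment above the call would record the contract, for example `/* CA_CERTS_FILE and CA_CERTS_DIR come from configure; either may expand to NULL, and both are trusted when both are set. */`. The single message `Failed to load CA certificates` also no longer tells the user which of the two locations was at fault. The body of `s_client` starts and ends outside the hunk.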